3 matches found
GHSA-269J-37WW-CMH3 Mezzanine CMS vulnerable to Cross-site Scripting
A cross-site scripting XSS vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a blog post...
PT-2025-30602 · Unknown · Mezzanine Cms
Name of the Vulnerable Software and Affected Versions: Mezzanine CMS version 6.1.0 Description: A cross-site scripting XSS vulnerability exists in the /blog/blogpost/add component of Mezzanine CMS. This allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into ...
CVE-2022-37721
PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting XSS when a low privileged user such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation...